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C. REMARKS 

1, Summary of "the Claims 

Claims i-20 were pending in the application prior to this 
amendment. Claims 1, 8, and 14 are independent claims. 
Claims 1, 3, 7, 8, 10, 13, 14, 16, and 20 have been amended- 
Claims 2, 4, 6, 9, 12, 15, 17, and 19 have been cancelled. 
Claims 21-26 have been added. No new matter has been added. 
Claims 1, 3, 5, 7, 8, 10, 11, 13, 14, 16, 18, and 20-26 are 
currently pending in the application. Reconsideration of the 
claims is respectfully requested. 

2 . Examiner Interview 

Applicants note with appreciation the telephonic 
interview conducted between Applicants' representative and the 
Examiner on April 14, 2005. During the telephonic interview, 
the Examiner and Applicants' representative discussed the 103 
references (Goldstone, U.S. Publication No. 2002/0101819, and 
Klaus, U.S. Patent No. 5,892,903). In particular. Applicants' 
representative informed the Examiner that Applicants are 
submitting a declaration, pursuant to 37 C.F.R. § 1.131, with 
this response, declaring that Applicants conceived of the 
claimed invention before the filing date of Goldstone and 
showed diligence from the date of conception to the filing 
date of the subject application. Applicants' representative 
suggested incorporating the limitations of original dependent 
claim 2, which was rejected using Goldstone, into independent 
claim 1 in order for claim 1 to read over the art of record. 

In addition. Applicants' representative discussed the 
differences between Goldstone and the limitations included in 
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Applicants' claim 3, which are discussed in further detail 
below. 

Applicants'' representative also infonned the Examiner 
that Applicants are adding new claims in this response, each 
of which are supported by the original specification. While 
no agreement was reached regarding the claims^ Applicants 
respectfully submit that, as explained in further detail 
below, the amendments made to independent claims 1, 8, and 14, 
place these claims and their respective dependent claims in 
condition for allowance - 

3 > Drawings 

Applicants note that the Examiner did not indicate 
whether the formal drawings, filed with Applicants' 
application, are accepted by the Examiner. Applicants 
respectfully requests that the Examiner indicate whether the 
formal drawings are accepted in the next office communication. 

4. Claim Rejections 

Claims 1, 8, and 14 stand rejected under 35 U.S.C. § 
102(e) as being anticipated by Gupta et al. (U.S. Patent No. 
6,389,532, hereinafter ""Gupta"). Applicants respectfully 
traverse these rejections. 

Claims 3, 5, 10, 11, 16, and 18 stand rejected under 35 
U^S.C. § 103(a) as being unpatentable over Gupta in view of 
Goldstone (U.S. Publication No. 2002/0101819, hereinafter 
""Goldstone") . Applicants respectfully traverse these 

rejections. 
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The independent claims as amended are directed to 
'^preventing malicious netWork attacks" with limitations 
comprising: 

• receiving a packet from a client computer; 

• identifying the client computer by a source IP 
address ; 

• calculating a number of packets received using the 
source IP address during a time interval; 

• comparing the number of packets received with one or 
more configuration settings; 

• determining an action from a plurality of actions 
based on the comparing; and 

• executing the action. 

Applicants have amended claim 1 to incorporate the 
limitations of original claim 4- In addition, as discussed 
with the Examiner, Applicants have amended claim 1 to 
incorporate the limitations of original claim 2, which was 
rejected using the Goldstone reference. Applicants 
respectfully assert that Applicants conceived of the claimed 
invention before the filing date of Goldstone, and showed 
diligence from the date of conception to the filing date of 
the subject application. A declaration, pursuant to 37 C.F.R. 
S 1.131, has been duly executed by Applicant Dwip Banerjee and 
is included with this Response. Mr. Banerjee declares that he 
conceived of, in the United States of America, the invention 
described and claimed in the subject application . prior to 
January 31, 2001. Mr. Banerjee further showed diligence from 
the date of conception to the filing date of the subject 
application. Exhibit ^'A" to Mr. Banerjee' s declaration is the 
IBM Invention Disclosure Form that disclosed Applicants' 
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claimed invention. This disclosure was submitted to the IBM 
Intellectual Property Law Department in Austin, Texas prior to 
January 31, 2001. Mr. Banerjee's declaration under 37 C.F.R. 
§ 1.131, therefore, removes the Goldstone reference from 
consideration as prior art. Because, for the aforesaid 
reasons, the Goldstone reference is not prior art with respect 
to Applicants' claimed invention. Applicants respectfully 
assert that since claim 1 as amended includes the limitations 
of original claim 2 that was rejected using Goldstone, that 
amended claim 1 is allowable over the art of record. 

Claim 8 as amended is an information handling system 
claim including the same limitations of amended claim 1 and, 
therefore, is allowable for the same reason as amended claim 
1. Claim 14 as amended is a computer program product claim 
including the same limitations of amended claim . 1 and, 
therefore, is allowable for the same reason as amended claim 
1. 

Notwithstanding the fact that claims 3, 5, 10, 11, 16, 
and 18 are each dependent upon one of the amended claims 1, 8, 
or 14, and therefore allowable for the same reasons as their 
independent claims, claims 3, 5, 10, 11, 16, and 18 were 
rejected using the Goldstone reference, which is removed as 
discussed above. Therefore, claims 3, 5, 10, 11, 16, and 18 
are allowable over the art of record. 

In addition, notwithstanding the fact that claim 3 is 
allowaible for the reasons discussed above, claim 3 adds the 
limitations to amended claim 1 of: 
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• identifying a client data area based on the 
source IP address, the client data area 
including the number of packets received; and 

• incrementing the number of packets received. 

The Office Action contends that Goldstone teaches all the 
limitations included in Applicants' claim 3, and uses 
paragraph 0038 in Goldstone as its basis for rejecting claim 
3. However, upon closer inspection, Goldstone does not teach 
or suggest ^^identifying a client data area based on the source 
IP address, the client data area including the number of 
pa<;^}tets received.,, and incrementing the niaraber of packets 
received" as claimed by Applicants, Rather, Goldstone' s 
paragraph 0038 states that: 

^\..when a response is sent from the server to the client, 
acknowledging the intention to connect,, the attacking 
client merely ignores the response, resulting in a half- 
open connection... The server under these circumstances, 
not realizing that there is no intention to connect, 
assumes that the request is legitimate and reserves 
buffer space for the connection. .. [and] the server' s 
bandwidth will still get congested since the attacking 
client will continue to send bogus requests to the 
server." (emphasis added) 

As can be seen, the Office Action reference discusses a 
server's bandwidth becoming congested because the server 
accepts bogus packet requests from a malicious client, and 
never teaches or suggests ^'identifying a client data area 
based on a source IP address, the client data area including 
the number of packets received... and incrementing the number of 
packets received " as claimed by Applicants* 

The Examiner mentioned that it is inherent that a client 
increments the number of packets when Goldstone' s client sends 
packets. Applicants, however, are not claiming the client 
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incrementing the number of packets sent, but rather a 
receiving device, such as a server, incrementing the number of 
packets received . Applicants compare the number of packets 
received with one or more configuration, settings in order to 
determine v/hether to perform an action, such as reject a 
client's packet (claim 1 limitations)- The Office Action 
states that Gupta fails to teach the limitations in 
Applicants' claim 3, and indeed Gupta does not. Therefore^ 
since neither Gupta nor Goldstone teach or suggest, in whole 
or in part, all the limitations included in Applicants' claim 
3, claim 3 is allowable • 

Claim 10 is an information handling system claim 
including the same limitations of claim 3 and, therefore, is 
allowable for the same reason as claim 3. Claim 16 is a 
computer program product claim including the same limitations 
of claim 3 and, therefore, is allowable for the same reason as 
claim 3. 

Claims 7, 13, and 20 stand rejected under 35 U.S.C. § 
103(a) as being unpatentable over Gupta in view of Klaus (U.S. 
Patent No. 5,892,903, hereinafter ^^Klaus'') . Applicants 
respectfully traverse these rejections. 

Notwithstanding the fact that claim 7 is dependent upon 
amended claim 1 and therefore allowable for the same reasons 
as amended claim 1, claim 7 adds the limitations to amended 
claim 1 of: 

• providing a test script, the test script including 
one or more attack simulations; 

• processing the attack simulations included in the 
test script; 
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• determining whether to change one or more of the 
configuration settings based on the processing; and 

• changing one or more of the configuration settings 
based on the deteritiination. 

The Office Action contends that Klaus teaches all the 
limitations included in Applicants' claim 1, and uses column 
9, lines 1-41 in Klaus as its basis for rejecting claim 7. 
However^ upon closer inspection, Klaus does not teach or 
suggest ^'"determining whether to change one or more of the 
configuration settings based on the processing^ and changing 
one or more of the configuration settings based on the 
determination'' as claimed by Applicants. Rather, Klaus' s 
reference states that: 

^V.the system includes an IP spoofing attack generator 32, 
a source /destination address generator 34 and a service 
comiaand generator 36- Soutce/destination address 

generator 34 identifies the internet and physical 
addresses of the computers on the network 12 to be 
tested. Source /destination address generator 34 verifies 
that each computer on network 12 is emulated in IP 
spoofing attacks on all of the other computers on network 
12. In this manner, the inventive system exhaustibly 
tests all possible attack combinations on a network. 
Service command generator 36 generates conunands for a 
service which may be coupled to a port which IP spoofing 
attack generator 32 is able to initiate a communications 
connection... The service command received from command 
message generator 36 and the source and destination 
addresses received from source/destination address 
generator 34 are used by IP spoofing attack generator 32 
to provide data and header content for messages sent to 
transport layer 22 and network layer 24 of protocol stack 
20 which are used to implement the IP sx>oofing attack and 
detection" 

As can be seen, the Office Action reference discusses how 
Klaus tests a computer network for IP spoofing, but never 
teaches or suggests an action to take based on the results of 
the tests, let alone '^determining whether to change one or 
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more of the configuration settings based on the processing ^ 
and changing one or more of the configuration settings based 
on the determination" as claiired by Applicants. The Office 
Action states that Gupta fails to teach the limitations in 
Applicants' claim 1, and indeed Gupta does not. Therefore r 
since neither Gupta nor Klaus teach or suggest, in whole or in 
part, all the limitations included in Applicants' claim 7, 
claim 7 is allowable. 

Claim 13 is an information handling system claim 
including the same limitations of claim 7 and, therefore, is 
allowable for the same reason as claim 7. Claim 20 is a 
computer program product claim including the same limitations 
of claim 7 and, therefore, is allowable for the same reason as 
claim 7 . 

5. Claim Additions 

Applicants have added claims 21 through 26 to the subject 
application in this amendment. Each of claims 21 through 26 
are supported in the original specification and, therefore, do 
not add new subject matter • 

Notwithstanding the fact that claims 21, 23, and 25 are 
dependent upon claims 1, 8, and .14, respectively, and 
therefore allowable for the same reasons as amended claims 1, 
8, and 14, claims 21, 23, and 25 add ^^two-tiered" packet 
handling limitations to their respective independent claims of 
1) determining that the number of packets exceeds a first 
limit and sending a notification, 2) receiving a subsequent 
packet that increments the number of packets, and 3) 
determining that the incremented number of packets exceeds a 
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second limit and rejecting the subsequent packet. Gupta, 
Goldstone, and Klaus do not teach or suggest, in whole or in 
part, determining that a number of packets exceeds a first 
limit and a second limit as claimed by Applicants and, 
therefore, claims 21, 23, and 25 are allowable over the art of 
record ♦ 

Notwithstanding the fact that claims 22, 24, and 26 are 
dependent upon claims 1, 8, and 14, respectively, and 
therefore allowable for the same reasons as amended claims 1, 
8, and 14, claims 22, 24, and 26 add the limitations to their 
respective independent claims of 1) determining that the 
number of packets is higher than a historical usage, and 2) 
sending a notification in response to determining that the 
number of packets is higher than the historical usage. Gupta^ 
Goldstone, and Klaus do not teach or suggest, in whole or in 
part, tracking a historical usage, let alone determining that 
the number of packets is higher than a historical usage as 
claimed by Applicants and, therefore, claims 22, 24, and 26 
are allowable over the art of record. 



CONCLUSION 

As a result of the foregoing, it is asserted by 
Applicants that the amended claims in the Application are in 
condition for allowance, and Applicants respectfully request 
an early allowance of such claims . 

Applicants respectfully request that the Examiner contact 
the Applicants' attorney listed below if the Examiner believes 
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that such a discussion would be helpful in resolving any 
remaining questions or issues related to this . Application . 

Respectfully submitted. 



By < I^K^y^^l 



Joseph T. Van Levuwen 
Attorney for Applicants 
Registration No. 44,383 
Telephone: (512) 301-6738 
Facsimile: (512) 301-6742 
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Id re application of: 
Banerjee, et. a). 

Serial No.: 09/870,610 

Filed: May 3 1» 2001 

Title: System and Method for Extending 
Server Security Through Monitored 
Load Management 



§ Group Art Unit: 2141 % 1 Z 

§ Connmiation No;: 1787 

§ Examiner: Bayard, Djenane M 
§ 

5 Attorney Docket No. AUS92001036lUSr 

I Intellectual Property Law Department 

§ International Business 
§ Machines Corporation 

§ Intellectual Property Law Dept. 

§ 11400 Burnet Road 

§ Austin, Texas 7B75S 



nRr f .ARATION UNDER 37 C F.R. » 1.131 

Hon. Commissioner of Patents and Tradcmaiks 
Washington, D.C. 20231 

Sir. 

Dwip N. Banerjee declares as follows: 

1. I am an Applicant for the patent appUcation cmiUed "System and Method for Extending 
Server Security Through Monitored Load Management." S<ftial No. 09/870.610, filed May 
31, 2001, and an inventor of the subject roatter described and claimed therein. 

2. Prior to January 31. 2001. I conceived of. in the United States of America, the invention 
described and claimed in tbe subject application. I further showed diligence from the date of 
conception to the filing date of the subject application. Conception and diligence to filing is 
evidenced by the following: 
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a. I submitted IBM Invention Disclosure Form No, AUS8-20O1-0141. atiachtd as 
Exhibit A hereto, which describes the invention described and elaJmed in the subject 
application. 

b. Each of the dates deleted fronts Exhibit A is prior to January 3 1 , 2001 . 

c. I worked diligently with a patent attorney in order to file the subject application 
on May 31,2001, 

3. 1 further declare that all statements made herein of my own knowledge and all statements 
made on infomuition and belief are believed to be true; and further that these statements are 
made with the knowledge that willful and false statcnaents and the like so made arc 
punishable by fine or imprisonment or both under § 1001 of Title 18 of United States Code 
and that such wilifuJ and false statements may Jeopardize the validity of the above-referenced 
application and any patent issuing therefrom. 



FURTHER DECLARANT SAYETH NOT. 
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AUS8-5001-O141 Extending Server Seculty ThrouQh Monitored Lood Management - continued 

• KennelfTBan ni ng^Au §*Kf ' ; 
j Johnny Shieh/Austin/IBM i 
iThomas V/eaver/Austin/IBM j 
!KimTran/Austin/IBM 

: Arthur Tysor/Austin/IBM 1 
iDeanna Brown/Austin/IBM 
■ Alan MacKay/Austin/IBM 

iDwip N BanerjeByAustjr^^^^^^ 



Response Due to IP&L : 02/24/2001 
*Main Idea 

1. Describe your invention, stating the problem solved (it appropriate), and indicating the advantages of 

liflhtdinTsTwer modal servers which are listening on ports for clients can come under attacit from 
malicious clients which could keep the server busy handling them. This can result in 
loss of server time and the worst case scerario of the server crashing due to excessive 

load. 

2. How does the invention solve the problem or achieve an advantage.(a description of "the invention", 
including figures inline as appropriate)? . . u i i>«i^„ 
This problem can be solved by a kernel extension /deamon which will be monitonng the packets being 
received at the IP layer and maintain client usage statistics as per the example given below. 

Source IP Number_of_Packets Number_of_Packets Timejnlerval Sen/erPort Action 
Reed Allowed (in sees) 

^■3-149.49 200 500 2 UDP53 Bloc. 

202.4.4.4 500 300 2 UDP53 

InLadm 

Source IP IP address of Ihe client. 

Number.of.Packets Reed Number of packets received from client m the given Time.lnterva!. 
Number.of.Packets Allowed Number of packets allowed to be received from the client In the given 
Timejnterval. 

ServerPort > Port nunnber being nrtonitored. ^ 

Action :- Action to be taken if the client is sending more number of packets in the given time interval than 

allowed. For example 

I Block - Block the client i.e. set up a filter so that the packet from the client for given port doesn't reach 

the application ( the packet gets dropped at IP layer. 
• Inf^adm • Inform the system administrator. 

Number.of.Packets Allowed, Time Jntervat. ServerPort and Action are set by the system administrator in 
the configuration file. 

The above solution can be further extended to do the following 

1 ) Monitor the number of sockets opened for a given client to avoid DoS attacks. 

2) Can be used for Accounting and Billing for Services. 

3) Set customisable sen/ice management mechanisms on the sen/er. 

One of the advantages of our solution is that it can be used as a cheap solution to protect and regulate 
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AUS8'2001-014I ExtendiTQ Server Sec u/ity Through Monitored Locd Management - contlnuecJ 

access to systems / services outside a firewall and can also be used with firewalls to provide even stricter 
security. 

3. if the same advantage or problem has been Identified by others (inside/outside IBM), how have those 
others solved it and does your solution differ and why is it better? 

We are not aware of similar solutions proposed by anyone else. 

4. If the invention is implemented in a product or prototype, include technical details, purpose, disclosure 
details to others and the date of that implementation. 

We are not aware of any implementation. 

"Cntical Questions (Questions 1-9 must bo answered) 



'*Questlon 1 



jon what date was the invention workable? tf^HI^ Please format the date as MM/DD/YYYY 

i (Workable means i.e. when you know tha|your dsslg^^^^^ l^Q,PPbtem) 

r • " " O Yes 

i'^Question2 # No 
lis there any planned or actual publication or disclosure of your invention to anyone 

■outside IBM?_ _ .- 

:if7e^ Eriter "the name ofeachp^^^^ or patent and the date published below. 
I Pu blicalfOn/Patenl: 

. Dale PuWishad or Issued: ^ _ „^-^^-v. ■. -■— ^ 

[Are you aware of an^pubTications^^^ paTents that relate to this invention? O Yes 



No 



Iff yes" Enter the name of each publication or patent and the date published below. 
jPublicatiorVPaient: 

! Dele Published or issued: . _ 



- ■-■ - "* O Yes 

;*Question3 # No 
Has the subject matter of the invention or a product Incorporating the invention been 

jsold, used internally in manufacturing, anno^^^^^^ 

lis a saiertise in rtian'ufaSurin^^^^^^^ or proposal planned? O Yes 



No 



1f"Yes/idS or planned date of sale, announcements, or 

proposal and to whom the sale, announcement or proposal has been or will b© made. 



Product: 
.Version/Release: 
1 Coda Name: 
; Date: 
* To Whom: 



If more than one, use cut and paste andjippend asjiecessa^^^ 



i* Question 4 «. • ur 

Was the subject matter of your invention or a product incorporating your invention used in public, e.g.. 

ioutside IBM or in the preserice of non-IBMers? _^ 

j iryes7glve a date: "Please format the dateTs i^^^ O 
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/Question 5 '•no 
'Have you ever discussed your invention with ^thers not em ployed at IBM? 



Hi yesjdeatify individuals and date discussed. Fill in the text area with the following infonnanon, the 
! names of the Individuals, the employer, date discussed, under CDA, and CDA 



i*Question6 

iWas the invention, in any way. started or developed under a government contract or m No 

1 project? . 

111 Yes7enter the contract number 



O Yes 
• No 

O Not sure 



1^ ' Oybs 

! Question 7 # no 

•Was the Invention made in the course of any alliance, joint development or other q ^^^^ 
i contract activities? 

;if Yes. enter the following (InEj^S'L^^J' - ■ - 

I " ' * ' " " Name orAlliance, Contract^ 

i' Contract ID number _ . . . . . . . 



Relationship contact name 



Relationship contact E-mail 
Relationship contact phone 



r. " " OVes 

' Question 8 9 ho 

Have you. or any of the other inventors, submitted this same invention disclosure or 

similar invention disclosure £reviou^^^ _ ..„.._.„-......^^^^^^^ - 

If YesT please provide disclosure number below; 



^" ' """" """" O ves 

; Question 9 •no 
iAre you. or any of the other inventors, aware of any related inventions disclosures 

jsubmitted by anyone in IBM previously? _ _ „ „ 

rirYes7prease provide^he'dock^^^^^^ orTnyoTher" identifying information below: 



iSSafty^e of com do you expect to compete with inventions of this type? Check all that apply. 

iO ManufBCtufors ot enter prise servers 
IS Manufacturers of entry servers 
jC] Manufacturers of workstations 
jD fWlanufacturers of PC's 
iQ Non-computer manufacturers 
1(3 Developers of operating systenris 
ilS Developers of networkIr\g software 
jS Developers ot application software 
jKI Integrated solution providers 
O Service providers 
\3 other (Please specify below) 
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; Question 11 

II the invention relates to a product or service that is outside the scope of your business unit, please 
• reccTimend IBM business unit(s), IBM localion(s) or individual(s) v/ithin IBM that you think would prov.de 
i a good evaluation of your invention: 



Patent Value Tool (Optional - this may be used by the inventor and attorney to assist with the evalua 
(The Patent Value tool can be used by the inventor(s) to determine the potential licensing value of your 
invention.) 

No PVT score has been calculated. To calculate a PVT score, press the 'Calculate' button. 



Market 

What is the anticipated annual market size (in dollars) that wi[l be captured by your invention? 



CU^IMS 

Question 1 - Hov^ new is the technical field? 

Question 2 " Hovu central is the invention to the product(s) which rnight be expected to contain the 
invention? 

Question 3 - What is the scope of the clainn? 
PORTFOLIO NEED 

What are the portfolio needs in the area of your Invention? 
EXPLOITATION & ENFORCEMENT 

Question 1 • How easily can the use of the Invention by a competitor be detected? 
Question 2 - How easily can the use of the invention be avoided by a competitor? 

BUSINESS VALUE 

Question 1 - What percentage of the companies producing products in the field of this invention might use 
this invention? 

Question 2 - What is the value of this patent to current or anticipated Alliance Activity between IBM and 
other companies? 

Question 3 - What is the value of this patent to current or anticipated Technology Transfer Activity 
between IBM and other companies? 

Question 4 - Does it result in prestige to IBM? 
Post Disclosure Text & Drawings 

Enter any additional information relating to this disck)sure below: 
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